Audit April 2025 - 4.8 - Added Reentrancy Guard to SwapByDelegation

hanzel98 · hanzel98 · commit e1f7c630ce8c · 2025-04-23T21:55:38.000-06:00
diff --git a/src/helpers/DelegationMetaSwapAdapter.sol b/src/helpers/DelegationMetaSwapAdapter.sol
@@ -6,6 +6,7 @@ import { MessageHashUtils } from "@openzeppelin/contracts/utils/cryptography/Mes
 import { IERC20 } from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
 import { SafeERC20 } from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
 import { Ownable2Step, Ownable } from "@openzeppelin/contracts/access/Ownable2Step.sol";
+import { ReentrancyGuard } from "@openzeppelin/contracts/utils/ReentrancyGuard.sol";
 import { ModeLib } from "@erc7579/lib/ModeLib.sol";
 import { ExecutionLib } from "@erc7579/lib/ExecutionLib.sol";
 import { ExecutionHelper } from "@erc7579/core/ExecutionHelper.sol";
@@ -27,7 +28,7 @@ import { CALLTYPE_SINGLE, EXECTYPE_DEFAULT } from "../utils/Constants.sol";
  *      signature that incorporates an expiration timestamp. The signature is verified during swap execution to ensure
  *      that it is still valid.
  */
-contract DelegationMetaSwapAdapter is ExecutionHelper, Ownable2Step {
+contract DelegationMetaSwapAdapter is ExecutionHelper, Ownable2Step, ReentrancyGuard {
     using ModeLib for ModeCode;
     using ExecutionLib for bytes;
     using SafeERC20 for IERC20;
@@ -218,6 +219,7 @@ contract DelegationMetaSwapAdapter is ExecutionHelper, Ownable2Step {
         bool _useTokenWhitelist
     )
         external
+        nonReentrant
     {
         _validateSignature(_signatureData);
 
@@ -274,7 +276,7 @@ contract DelegationMetaSwapAdapter is ExecutionHelper, Ownable2Step {
      * @param _tokenTo The output token of the swap.
      * @param _recipient The address that will receive the swapped tokens.
      * @param _amountFrom The amount of tokens to be swapped.
-     * @param _balanceFromBefore The contract’s balance of _tokenFrom before the incoming token transfer is credited.
+     * @param _balanceFromBefore The contract's balance of _tokenFrom before the incoming token transfer is credited.
      * @param _swapData Arbitrary data required by the aggregator (e.g. encoded swap params).
      */
     function swapTokens(
diff --git a/test/helpers/DelegationMetaSwapAdapter.t.sol b/test/helpers/DelegationMetaSwapAdapter.t.sol
@@ -6,6 +6,7 @@ import { ERC20 } from "@openzeppelin/contracts/token/ERC20/ERC20.sol";
 import { SafeERC20 } from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
 import { Ownable } from "@openzeppelin/contracts/access/Ownable.sol";
 import { ExecutionLib } from "@erc7579/lib/ExecutionLib.sol";
+import { ReentrancyGuard } from "@openzeppelin/contracts/utils/ReentrancyGuard.sol";
 
 import { BasicERC20 } from "../utils/BasicERC20.t.sol";
 import { BaseTest } from "../utils/BaseTest.t.sol";
@@ -477,6 +478,37 @@ contract DelegationMetaSwapAdapterMockTest is DelegationMetaSwapAdapterBaseTest
         delegationMetaSwapAdapter.swapByDelegation(sigData_, delegations_, false);
     }
 
+    /**
+     * @notice Tests that the swapByDelegation function is protected against reentrancy attacks
+     */
+    function test_revertOnReentrancy() public {
+        // Set up mock contracts
+        _setUpMockContracts();
+
+        // Create malicious token that will attempt reentrancy
+        ReentrantToken maliciousToken_ = new ReentrantToken(address(delegationMetaSwapAdapter));
+        tokenA = BasicERC20(address(maliciousToken_));
+
+        _updateAllowedTokens();
+
+        // Build the delegation chain
+        Delegation[] memory delegations_ = new Delegation[](2);
+        Delegation memory vaultDelegation_ = _getVaultDelegation();
+        Delegation memory subVaultDelegation_ = _getSubVaultDelegation(EncoderLib._getDelegationHash(vaultDelegation_));
+        delegations_[1] = vaultDelegation_;
+        delegations_[0] = subVaultDelegation_;
+
+        // Prepare swap data with malicious token
+        bytes memory swapData_ = _encodeSwapData(IERC20(tokenA), IERC20(tokenB), amountFrom, amountTo, hex"", 0, address(0), true);
+        bytes memory apiData_ = _encodeApiData(aggregatorId, IERC20(tokenA), amountFrom, swapData_);
+        DelegationMetaSwapAdapter.SignatureData memory sigData_ = _buildSigData(apiData_);
+
+        // Attempt reentrancy attack
+        vm.prank(address(subVault.deleGator));
+        vm.expectRevert(ReentrancyGuard.ReentrancyGuardReentrantCall.selector);
+        delegationMetaSwapAdapter.swapByDelegation(sigData_, delegations_, true);
+    }
+
     /// @notice Verifies that only the current owner can initiate ownership transfer.
     function test_revert_transferOwnership_ifNotOwner() public {
         _setUpMockContracts();
@@ -1444,3 +1476,20 @@ contract MetaSwapMock {
         }
     }
 }
+
+// Helper contract that attempts reentrancy
+contract ReentrantToken is ERC20 {
+    address public immutable delegationMetaSwapAdapter;
+
+    constructor(address _delegationMetaSwapAdapter) ERC20("Malicious", "MAL") {
+        delegationMetaSwapAdapter = _delegationMetaSwapAdapter;
+    }
+
+    function transfer(address, uint256) public override returns (bool) {
+        // Attempt to reenter swapByDelegation
+        DelegationMetaSwapAdapter(payable(delegationMetaSwapAdapter)).swapByDelegation(
+            DelegationMetaSwapAdapter.SignatureData({ signature: hex"", expiration: 0, apiData: hex"" }), new Delegation[](0), true
+        );
+        return true;
+    }
+}
